Information Security Initiatives

1. Information Security System

  • Members, including the President and executive officers, annually review the action plan based on the mid-term business plan to determine the action policy.
  • The Compliance & Risk Management Committee, chaired by the President, meets quarterly to debrief and discuss the progress of information security initiatives.
  • Each division or organization's administrator, who receives instructions from the Information Security Control Division, takes the lead in managing their own holding areas. The Information Security Control Division also reviews management's progress and requires divisions and organizations to take appropriate corrective action to maintain and improve information security.

2. Management and Protection of Information Assets

  • The Group's information assets are appropriately managed using a handling method that is clarified according to their importance and risk level.

3. Employee Training

  • Employees learn about information security and management through e-learning and other courses provided annually. They are kept updated on information security communications and precautions through the internal portal site and security administrators in their divisions and organizations.
  • They also receive training on how to identify suspicious e-mails and respond to information security incidents on internal and external systems.

4. Compliance

  • Personal information collected through business activities shall be appropriately handled according to the Group's Privacy Policy.
  • To advance its business, the Group thoroughly examines and abides by each country's information security laws and regulations.

5. Response to Information Security Issues

  • In case of an information security incident or breach, the division where it occurred takes appropriate action immediately in collaboration with the Information Security Control Division. Then, the division reports it to management appropriately.
  • Should the incident or breach be deemed profound, the Incident Response Headquarters is set up immediately, with the President as the head. Then, the headquarters takes appropriate action in collaboration with an external information security specialized agency or administrative organization as necessary.